|Publication number||US7434057 B2|
|Application number||US 11/043,072|
|Publication date||Oct 7, 2008|
|Filing date||Jan 27, 2005|
|Priority date||Jan 27, 2005|
|Also published as||US20060168450|
|Publication number||043072, 11043072, US 7434057 B2, US 7434057B2, US-B2-7434057, US7434057 B2, US7434057B2|
|Original Assignee||Hitachi, Ltd.|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (4), Referenced by (10), Classifications (15), Legal Events (5)|
|External Links: USPTO, USPTO Assignment, Espacenet|
1. Field of the Invention
This invention relates to a storage networking system, and more specifically to a file server system or a network attached storage (NAS) system configured to achieve protection of data or a file using watermarking.
2. Description of the Related Art
One of the main expectations for a storage networking system is to share data from several hosts or users on consolidated storage resources. A file server system or a Network Attached Storage system (NAS) is a typical example of a system to achieve these expectations. A file server may include elements of a typical computer such as, for example, a processor, memory, and input/output (I/O) handling capabilities. Both systems are storage networking systems to provide file IF (interface). A Content Addressable Storage (CAS) system is another example of a system to achieve these expectations. Originally, CAS products have been used to provide object IF, however, recent CAS products also provide file IF.
Recently, increasing storage security or data security has become one of the main requirements from customers. Copyright protection is one example for satisfying these requirements. In this regard, customers want to share data or files within users, but they also want to protect an owners' right from any infringement from the users. Current storage networking systems cannot solve this requirement. For example, NAS only provides file access control mechanism using ACL (access control list), which does not protect copyrights on the file.
U.S. patent application Ser. No. 20030161468 discloses a NAS system that inserts a watermark into a file when the file is stored into a NAS system. Because the inserted watermark describes copyright information in the file, the system can protect any copyright violation from users psychologically. Also, it is easy to find copyright violation, because infringing copy of the file still contains the watermark.
On the other hand, Watermark or Digital Watermark is a well known technology that enables additional information (watermark information) to be inserted or embedded into data or contents, such as image, picture, motion picture, sound, and so on. If the watermark information contains copyright information, it can protect copyright violation in terms of psychological point of view. Also, even if the copyright violation occurs, it is much easier to detect the violation, since most of the current watermark technologies enable the watermark still to exist in the violated data.
There are two types of Watermark technologies, visible watermark and invisible watermark. The visible watermark directly shows additional information such as copyright notices to users, which prevent users psychologically from violating the copyright. The invisible watermark hides the information inside data. In other words, humans cannot notify the information in the data. This is achieved by inserting the information into specific part of the data where humans visually or acoustically cannot identify.
Therefore, there is a need for copyright protection functionalities on a file server system, a NAS system, a CAS system or any other storage networking systems, without impacting any other changes to the existing IF, e.g. File IF.
A system and method for watermarking in accessed data that includes a client device, a file system manager, a file server, and a storage network. The client device is connected to a network and includes a file access application. The file system manager is connected to the network and sets watermark control information. The file server is connected to the network and includes: (1) a file writing process including a file watermark examination procedure and an action procedure, the action procedure determining an action based on a result of the file watermark examination; and (2) a file reading process including a watermark definition procedure, a file handle/memory preparation procedure, a file data copy procedure, and a watermark insertion procedure. The storage network is operatively connected to the file server and includes at least one storage device. During a read request the watermark definition procedure determines whether a file to be read is to be watermarked with a watermark based on a user at the client device that requested to read the file. During a write request, whether the write request is processed or not is based on the user and whether the file to be written contains a watermark.
The present invention is further described in the detailed description which follows in reference to the noted plurality of drawings by way of non-limiting examples of embodiments of the present invention in which like reference numerals represent similar parts throughout the several views of the drawings and wherein:
The particulars shown herein are by way of example and for purposes of illustrative discussion of the embodiments of the present invention. The description taken with the drawings make it apparent to those skilled in the art how the present invention may be embodied in practice.
Further, arrangements may be shown in block diagram form in order to avoid obscuring the invention, and also in view of the fact that specifics with respect to implementation of such block diagram arrangements is highly dependent upon the platform within which the present invention is to be implemented, i.e., specifics should be well within purview of one skilled in the art. Where specific details (e.g., circuits, flowcharts) are set forth in order to describe example embodiments of the invention, it should be apparent to one skilled in the art that the invention can be practiced without these specific details. Finally, it should be apparent that any combination of hard-wired circuitry and software instructions can be used to implement embodiments of the present invention, i.e., the present invention is not limited to any specific combination of hardware circuitry and software instructions.
Although example embodiments of the present invention may be described using an example system block diagram in an example host unit environment, practice of the invention is not limited thereto, i.e., the invention may be able to be practiced with other types of systems, and in other types of environments.
Reference in the specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the invention. The appearances of the phrase “in one embodiment” in various places in the specification are not necessarily all referring to the same embodiment.
According to embodiments of the present invention, if a file server 100 receives a file open request to read the file from a client 180, the file server: (1) determines whether or not the requested file is watermarked based on the requesting user information, and determines the content of the watermark in case the file needs to be watermarked, (2) prepares a specific file handle to point to a memory area (e.g., cache memory) storing the watermarked file, thus separating the watermarked file from the original file to make sure that normal file read requests can access the original file through the original file handle, (3) copies file data from the original file into the memory area, which will be accessed through the specific file handle, and (4) inserts the prepared watermark in the copied file data in the memory area.
According to embodiments of the present invention, since any file read requests are executed through the specific handle and its associated data in the memory, there is no need to modify the existing protocols or the client programs. Further, because the watermark may contain not only copyright information, but also use right information, the watermark can provide users psychologically peace of mind regarding any possible infringement of the copyright and/or the use right. Moreover, the watermark examination methods may be provided in a client device, a gateway, a file server or any other components in the system to allow easy detection of copyright violations, and execution of any follow-up actions. The follow-up actions may be based on predefined policies or rules if copyright or other violations are detected. Embodiments of the present invention may also be used to embed additional information, such as content description or any other metadata, inside the data itself. The embedded information can be used to provide better services such as, for example, data search, autonomous management using meta data, etc. One example of autonomous management is data lifecycle management that enables data to be managed in appropriate tiered storage devices, such as expensive high performance and reliability storage devices, and inexpensive low performance storage devices.
The file server 100 may be connected to several storage devices 105 through a Storage Area Network (SAN) 103. Some examples of storage area network protocols include SCSI (Small Computer System Interface), Fibre Channel, FICON (Fibre Connectivity), ESCON (Enterprise Systems Connectivity), etc. The storage devices 105 provide data storing services to the file server 100. The file server 100 may be a NAS Gateway or NAS Head, and the file server 100 combined with the storage devices through storage networks may also be called “NAS” itself. Further, according to embodiments of the present invention, CAS can be achieved using the same system architecture shown in
The clients 180 may contain applications 181 that access files. The clients 180 may also contain FS client programs, which are not shown in the diagram. Some examples of these programs include NFS client, CIFS client, HTTP client, etc. According to this embodiment of the present invention, the system can use ordinary client programs even if there are new functionalities (described following) provided by the file server 100.
A typical file server 100 may include a protocol operation program 120, several file service programs such as, for example, File Open, File Create, File Read, File Write, File Seek, File Close, control information, and a File I/O (input/output) program 170. The protocol operation program 120 may handle common services for file service programs such as, for example, protocol understanding, user authentication, access control, etc. Through the protocol operation program 120, a particular file service may be provided to the clients 180. To help illustrate this embodiment of the present invention,
A File Reading process 130 may contain sub-processes or procedures related to (1) define watermark based on user information 131, (2) prepare specific file handle 132, (3) copy file data to specific file handle 133, and (4) insert watermark into specific file handle 134. A define watermark based on user information process 131 may determine whether or not the system inserts a watermark into the requested file based on the requesting user information. For example, if the requesting user is asked to use the file in restricted condition, the watermark that indicates the condition would be inserted. This process may also define the content of the watermark itself if the file needs to be watermarked. The content may also depend on the requesting user and/or the requesting environment such as, for example, date and time.
Inserting the watermark into the file means that the watermarked file itself becomes different from the original file itself, but its size and other metadata may be the same as the original so that the watermarked file mimics the original and make clients process the file under the same way as the original. Therefore, a Prepare Specific File Handle process 132 may be necessary to prepare another file handle to point the watermarked file to make sure that normal file read requests can access the original file through the original file handle.
Generally speaking, a unit of watermarking is different from a unit of a file read request. Therefore, it may be convenient that all watermarking processes be done before any file read procedure occurs. A Copy File Data to Specific File Handle process 133 copies file data into the cache memory to prepare watermarking method. The memory area is generally accessed through the file handle. An Insert Watermark into Specific File Handle process 134 inserts the prepared watermark in the copied file data in the memory area. This embodiment of the present invention does not depend on any specific watermarking technologies, as the watermarking methods used may depend on each specific implementation. The watermarking technologies may be required to be robust enough for any editing.
A File Writing process 140 may also contain sub-processes or procedures related to (1) examine watermark in file process 141 and (2) action based on examination result process 142. Before the file is closed, an examine watermark in file process 141 may examine the file to determine if any watermark is contained in the file. This embodiment of the present invention does not depend on any specific watermark examination technologies, as the watermark examination process used may depend on each specific implementation of the present invention.
If a watermark is detected, an appropriate action is taken. For example, if the watermark indicates that the user is not allowed to keep the copy or any modification, an Action based on Examination Result process may provide an alert message to the client and refuse to save the file. The action taken may depend on predefined rules or policies. These predefined rules/policies may be pre-stored at the file server or stored/updated dynamically. Moreover, these rules/policies may be stored in the file as the watermark.
Some examples of control information include Access Control List (ACL) 151 and Watermark Control Information 161. An ACL 151 defines access control to a file that may have been received from a user. Also, a Watermark Control Information 161 defines watermark control received from a user regarding a file. Based on the control information, the define watermark process 131 defines a watermark. According to this embodiment of the present application, the file server 100 contains the watermark control information 161. A File I/O process 170 handles data I/O in the file server 100 to and from a storage network 103. This process may be the same as in an ordinary file server.
A FS Manager 190 may provide an interface, such as a Graphical User Interface (GUI) or a Command Line Interface, for users to manager the file server 100. According to this embodiment of the present invention, the FS Manager 190 may contain a process 191 of setting watermark control information. This process provides an interface to input or edit the watermark control information 161. According to the embodiments of the present invention, a file reading process 130 contains the process of inserting the watermark, in contrast to the prior art in which the writing process contains the method of inserting the watermark. Although the embodiment of the present invention shown in
The client may include processes for a File Open Request 200, a File Read Request 230, and a File Close Request 250. The client 180 may issue a File Open Request 200 to read the file from the file server 100. The request 200 is sent to the file server 100 with parameters 201 such as for example but not limited to, a File name, a User ID, etc. A Session ID may be sent to the file server 100, instead of sending the User ID, if a session between the client 180 and the file server 100 is established after the user has logged into the file server the first time. At the file server 100, a file open procedure 210 may be executed after the file server 100 receives the request 200 with the parameters 201 from the client 180. According to this embodiment of the present invention, the process of defining a watermark based on user information 131 and the process of preparing a specific file handle 132 may be executed as parts of a file open procedure 210. Further, according to this embodiment of the present invention, the file open procedure 210 returns a file handle 202, a specific file handle in the case that the watermark will be inserted into data copied from the file handle into a memory area at the specific file handle, otherwise, the procedure returns an ordinary file handle. In a case where metadata, such as file size, is changed after watermarking the data at the specific file handle, a new metadata area is prepared and filled with non-changed and changed metadata. The system lets the specific file handle identify the new metadata area. However, this may be a rare case since the client may prepare its memory space for the file before the file is read from the server and, therefore, its memory size should be the same as the original file size. Further, ordinary watermarking technology may not change the size of original files.
After the file is opened, the file server prepares for a file read procedure. In general, the file server may pre-read the file, or a part of the file, into its cache memory to accelerate the file read procedure. According to this embodiment of the present invention, the pre-read process 220 may contain the process of copying the file data to a memory area at the specific file handle 133 and the process of inserting the prepared watermark into the copied data 134. These two processes may also be executed in a case where the file needs to be watermarked under a file read request 230. However, if a file server does not support the pre-read process, the file read procedure 240 may contain the process of copying a requested part of the file data to a memory area at the specific file handle 133 and the process of inserting the prepared watermark into the copied data 134.
The client 180 may issue a File Read Request 230 with some parameters 231 such as, for example, file handle, offset, length, etc. The file server 100 executes a File Read Procedure 240, which reads data from the memory area (e.g., cache memory) at the file handle with the condition of the offset and the length and returns the data 232 to the client 180. According to this embodiment of the present invention, the client can gain access to the watermarked file data using the specific file handle without modifying the ordinary protocol used by the client.
The client 180 may issue a File Close Request 250 with the file handle 251. The file server 100 may execute a File Close Procedure 260, which releases the file handle and returns an acknowledgement 252 to the client 180. According to this embodiment of the present invention, the procedure may also release the memory spaces of watermarked data and its metadata identified by the file handle in a case that either of them is prepared. This process is not shown in the
In the case of a stateless file server, there is no File Open Request process or File Open Procedure. Instead of the request, the file server monitors a File Read Request from a particular user and a client and considers the very first File Read Request as being the same as a File Open Request. Then the file server executes the same process described in the File Open process 210 and the File Pre-read process 220 above within the File Pre-read Process. Further, the status of the file read request may be managed with a timestamp. If the duration between each File Read Request exceeds a certain time, the file server realizes that the file is closed.
In general, the file server may temporarily save the written data into its cache memory in case of file write request, and store the overall file data into the disk in case of the file close request. The example embodiment shown in
The client may include processes for a File Create Request 300, a File Write Request 320, and a File Close Request 340. The client 180 may issue a File Create Request 300 with some parameters 301 such as, for example but not limited to, a File name, a User ID, File Attributes, etc. The file server 100 may execute a File Create Procedure 310, which creates a new file handle for the new file and returns the file handle to the client 180. In another embodiment of the present invention, a file create request may not be issued. The client 180 may issue a File Write Request 320 with some parameters 321 such as, for example, the file handle, an offset, the data to be written, etc. The file server 100 executes the File Write Procedure 330, which writes data into a memory space at the file handle with the condition of the offset, and returns an acknowledgement.
The client 180 may issue a File Close Request 340 with some parameters 341 such as, for example, the file handle, etc. The file server 100 executes the File Close Procedure 350, which may release the file handle and returns an acknowledgement 342 to the client 180. According to this embodiment of the present invention, an Examine Watermark in File process 141 that examines a watermark in the file specified by the file handle, and an Action based on Examination Result process 142 that executes an action based on the examination result, are present. These processes are useful to detect any copyright violation before the infringed file is stored into the file server 100, which may be used and shared by many devices.
In the case of a stateless file server, there may be no File Close Request and no File Close Procedure. Therefore, the Examine Watermark in File process 141 and the Action based on Examination Result process 142 may be executed in a post-write process in which file data in the cache memory is stored in the storage devices. In another embodiment of the present invention, the file server 100 may monitor a specific event such as a releasing file lock event and then executes the Examine Watermark in File process 141 and the Action based on Examination Result process 142.
The rows 410, 411, 412, 413, 414 and 415 describe examples of watermark control information. In each entry, “NULL” indicates that the information does not need to be watermarked. If all entries are “NULL” in a row as the row 410 shows, this indicates no information needs to be watermarked. Also, “XXX”, “YYY” and “ZZZ1” are just examples of the information representing watermarks.
A memory area may be prepared, for example, in a cache memory, 805. The file handle may be used to specify the file data to be watermarked. Data of the file is copied into a memory area associated with a specific File Handle (i.e. cache memory), 806. Since the original data still exists on the storage device, the data in the memory area at the specific File Handle indicates a copy of the file data. In general, the method of watermarking may depend on the file type (e.g., text, jpeg, PDF, PowerPoint, bitmap, etc.). Therefore, the file type may be obtained to help determine the method of watermarking, 807. The method of watermarking is defined and the prepared watermark is inserted into the data, 808. The process returns to other normal operations in the file read process, 809.
The process executes an action based on the detected watermark and the pre-defined policies or rules. The policies or rules may be included in the watermark. Examples of the action are: refusing the file write request and returning an alert message, accepting the file write request but destroying the file itself in the file server, sending a message to an appropriate authority to notify a possible copyright violation, and so on.
In another embodiment, a gateway server may be capable of examining the watermark, as shown in
In still another embodiment of the present invention, the file server itself may contain a process of examining a watermark, as shown in
It is noted that the foregoing examples have been provided merely for the purpose of explanation and are in no way to be construed as limiting of the present invention. While the present invention has been described with reference to a preferred embodiment, it is understood that the words that have been used herein are words of description and illustration, rather than words of limitation. Changes may be made within the purview of the appended claims, as presently stated and as amended, without departing from the scope and spirit of the present invention in its aspects. Although the present invention has been described herein with reference to particular methods, materials, and embodiments, the present invention is not intended to be limited to the particulars disclosed herein, rather, the present invention extends to all functionally equivalent structures, methods and uses, such as are within the scope of the appended claims.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US5822432 *||Jan 17, 1996||Oct 13, 1998||The Dice Company||Method for human-assisted random key generation and application for digital watermark system|
|US6522769 *||May 18, 2000||Feb 18, 2003||Digimarc Corporation||Reconfiguring a watermark detector|
|US6785815 *||Jun 7, 2000||Aug 31, 2004||Intertrust Technologies Corp.||Methods and systems for encoding and protecting data using digital signature and watermarking techniques|
|US20030161468||Feb 28, 2002||Aug 28, 2003||Hitachi, Ltd.||Storage device and system|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US7634630 *||Mar 26, 2007||Dec 15, 2009||Emc Corporation||Storing authentication information in a content unit on an object addressable storage system|
|US8032755 *||Dec 5, 2005||Oct 4, 2011||Microsoft Corporation||Request linked digital watermarking|
|US8756437||Aug 24, 2009||Jun 17, 2014||Datcard Systems, Inc.||System and method of encryption for DICOM volumes|
|US8788519||Oct 23, 2009||Jul 22, 2014||John C. Canessa||System and methods for metadata management in content addressable storage|
|US8799221||Apr 22, 2011||Aug 5, 2014||John Canessa||Shared archives in interconnected content-addressable storage systems|
|US8799650||Dec 9, 2011||Aug 5, 2014||Datcard Systems, Inc.||Secure portable medical information system and methods related thereto|
|US8930470||Apr 22, 2011||Jan 6, 2015||Datcard Systems, Inc.||Event notification in interconnected content-addressable storage systems|
|US9111017||Apr 7, 2011||Aug 18, 2015||Datcard Systems, Inc.||Personal information system|
|US20070130467 *||Dec 5, 2005||Jun 7, 2007||Microsoft Corporation||Request linked digital watermarking|
|US20160026827 *||Jul 22, 2014||Jan 28, 2016||Cheng-Han KO||Method and System for Adding Dynamic Labels to a File and Encrypting the File|
|U.S. Classification||713/176, 726/26|
|Cooperative Classification||G06F2221/2141, G06F2221/0737, H04N1/32144, H04N1/2191, G06F21/6218, H04N1/2179, H04N1/2183|
|European Classification||G06F21/62B, H04N1/21C3Q, H04N1/21C3S, H04N1/21C3, H04N1/32C19|
|Jan 27, 2005||AS||Assignment|
Owner name: HITACHI, LTD., JAPAN
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:YAGAWA, YUICHI;REEL/FRAME:016578/0267
Effective date: 20050126
|Mar 7, 2012||FPAY||Fee payment|
Year of fee payment: 4
|May 20, 2016||REMI||Maintenance fee reminder mailed|
|Oct 7, 2016||LAPS||Lapse for failure to pay maintenance fees|
|Nov 29, 2016||FP||Expired due to failure to pay maintenance fee|
Effective date: 20161007